The idea is to create virtual VLAN-tagged network interfaces in the host using Hyper-V virtual switch functionality (provided you don't have an Intel or Realtek NIC; see the note at the end of this blog for details), then add a bridged adapter to the virtual machine with the corresponding VLAN interface.

One would assume by convention that using virtual machines is sufficient to isolate what's running inside the VM from the host and the rest of the network, but that's not always the case. VMware Workstation provides three types of network adapters: Host-only, NAT, and Bridged. Host-only network adapters provide access to the host machine only, NAT adapters translate the VM source IP to the host IP address, while bridging provides an adapter that acts as if it is physically connected to the host NIC.

Now, let's follow what happens when the VM gets compromised in each adapter case. If a Host-only adapter is given to the VM, the host and nothing else is exposed directly to the VM; assuming no host-based protections are in effect, the host could be vulnerable. In the case of a NAT adapter, all traffic originating from the VM and destined outside the VM net is masqueraded under the host IP address, so in addition to having access to the host, the VM has access to whatever the host machine can reach in the local network.

[Figure: Untrusted VM traffic masquerades under the host IP when using a NAT adapter]

Bridging the VM adapter directly to the host NIC can also be problematic: the VM will have direct access to, and discovery of, the local devices in the network. Since VMware Workstation does not provide some sort of vmnet firewall, it is better to offload that function to the physical firewall and have better visibility. This can be done by providing entirely isolated networks using VLANs. VMware Workstation does not support handling of VLANs, since they are mostly managed by the host NIC drivers; nevertheless, there are workarounds. The way it is done is by creating virtual interfaces in the host, each corresponding to a specific VLAN tag, then bridging that interface to the VM adapter, effectively passing that VLAN through to the VM.

VLAN Segregation under VMware Workstation

Let's consider the following scenario:

Provided that the host NIC supports trunking, creating a virtual interface that is bound to a specific VLAN tag in the host and bridging that interface to the VM allows better control and isolation, and hence achieves our goal.

Create VLAN interfaces with Hyper-V VSwitch

First you need to enable Hyper-V Services and Hyper-V Module for Windows PowerShell from Windows features, click OK and restart.

Then open PowerShell with admin privileges and create a new virtual switch:

    New-VMSwitch -Name "External_network" -NetAdapterName "Ethernet"

"Ethernet" is the available NIC that you want the VSwitch to be based on.

Create virtual adapters for each VLAN you want to assign:

    Add-VMNetworkAdapter -ManagementOS -Name VLAN10 -SwitchName External_network

Then configure the interface you just created to listen for the VLAN tag needed:

    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName VLAN10 -Access -VlanID 10

Now you have a virtual interface that is configured for a specific VLAN.

To have access to that VLAN inside a virtual machine, simply change the settings in the VMware Workstation Virtual Network Editor and have a vmnet that is bridged with the Hyper-V virtual NIC.
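
The Hyper-V steps on this page, combined into one re-runnable script that also verifies the VLAN tag on each host interface. This is an added example, not the author's script; the second VLAN ID (20) and the `$UnbindHostIp` hardening step (removing the host's own IPv4/IPv6 bindings from the VLAN interfaces so the host is not reachable from the untrusted VLAN) are assumptions that go beyond the post.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# "Ethernet" and "External_network" follow the post; adjust to your host.
$PhysicalNic  = 'Ethernet'
$SwitchName   = 'External_network'
$VlanIds      = 10, 20      # 20 is a constructed second VLAN for illustration
$UnbindHostIp = $true       # assumption: the host needs no IP address on these VLANs

# Create the external switch only if it does not exist yet.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $PhysicalNic | Out-Null
}

foreach ($id in $VlanIds) {
    $name = "VLAN$id"

    # One management-OS virtual adapter per VLAN, created once.
    if (-not (Get-VMNetworkAdapter -ManagementOS -Name $name -ErrorAction SilentlyContinue)) {
        Add-VMNetworkAdapter -ManagementOS -Name $name -SwitchName $SwitchName
    }

    # Put the adapter in access mode on its VLAN tag.
    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $name -Access -VlanId $id

    # Verify the tag actually applied before any VM is bridged to this adapter.
    $vlan = Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $name
    if ($vlan.OperationMode -ne 'Access' -or $vlan.AccessVlanId -ne $id) {
        throw "$name is not in access mode on VLAN $id"
    }

    if ($UnbindHostIp) {
        # Hyper-V exposes the adapter to Windows as "vEthernet (<name>)".
        # Removing the IPv4/IPv6 bindings keeps the host's own stack off the VLAN;
        # other bindings on the adapter are left untouched.
        Disable-NetAdapterBinding -Name "vEthernet ($name)" -ComponentID ms_tcpip, ms_tcpip6
    }
}

# Final overview of all host-side adapters and their VLAN settings.
Get-VMNetworkAdapterVlan -ManagementOS
```

After it runs, bridge one vmnet per `vEthernet (VLANxx)` adapter in the Virtual Network Editor, as the post describes.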